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DETAILED ACTION 
Response to Amendment 

1 . Claims 1-17 were pending in this application at the time of the previous Office 
Action. New claims 18 and 19 have been added by the latest amendment. Claims 1-19 
are pending and have been examined. 

Response to Arguments 

2. Applicant's arguments filed 4-8-2005 have been fully considered but they are not 
persuasive. 

The applicant argues that Bladlow fails to teach supporting concurrent operations 
of a plurality of network compatible applications, yet such is taught at col. 3 lines 1-21 
where a number of concurrent services are managed simultaneously. 

The applicant argues that Bladlow fails to teach generation of a session identifier, 
yet such is taught at col. 3 line 35-45, where a session identifier is generated and sent 
to a server, either by the user logon data entry or by an application in the alternative. 

The applicant traverses the taking of Official Notice in claims 8 and 13 and asks 
for a showing of art. As a showing of art, the applicant's attention is drawn to, for 
example, Schneier, Applied Cryptography 2 nd Edition, Oct. 1995, pages 50-51 where 
generation of a random key for use in key establishment protocols is taught. 
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Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1, 5, 6, 7, 8, 11-13, and 16-19 are rejected under 35 U.S.C. 103(a)as 
being unpatentable over Bladow et al., US 6,115,040, and Schneier: Applied 
Cryptography 2 nd Edition, Oct. 1995 

As for claim 1 , Bladow teaches a system employed by a first application for 
supporting concurrent operation of a plurality of network compatible applications (col. 3 
lines 1-21), comprising: an entitlement processor for authorizing user access to said first 
application in response to validation of user identification information (col. 3 lines 30- 
46)., and a communication processor for initiating generation of a session identifier 
particular to a user initiated session and for use by a plurality of concurrently operating 
applications to uniquely identify said user initiated session in response to validation of 
user identification information (col. 3 lines 30-46). Bladlow does not explicitly teach 
generation of an encryption key for encrypting personal record parameters conveyed in 
URL data. However Schneier does teach this feature in page 50-51 . Therefore it would 
have been obvious to one of ordinary skill in the art at the time of the invention to 
incorporate this feature into the system of Bladlow. Motive to make this combination is 
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found for example at page 50 4 th paragraph where resistance to a man in the middle 
attack is an advantage of this approach. Such a benefit in an Internet URL request 
would be advantageous. 

As for claim 5, Bladow teaches a system according to claim 1 , including an input 
processor for receiving said session identifier and an associated encryption key from 
said managing application (col. 7 lines 30-45). 

As for claim 6, Bladow teaches a system according to claim 5, including an 
encryption processor for use in encrypting data associated with a personal record (col. 7 
lines 30-45). 

As for claim 7, Bladow teaches a system employed by a managing application for 
supporting concurrent operation of a plurality of network compatible applications (col. 3 
lines 1-21), comprising 1 , an input processor for receiving from a first application a 
session initiation request to initiate generation of a session identifier (col. 4 lines 1-1 2)\ 
a session identifier generator for generating a session identifier particular to a user 
initiated session and for use by a plurality of concurrently operating applications to 
uniquely identify said user initiated session (col.3 lines 30-46)., and a communication 
processor for, communicating said session identifier to said first application and 
communicating said session identifier to another application of said plurality of 
concurrently operating applications in response to a request to receive said generated 
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session identifier (col.3 lines 30-67, col. 4 lines 1-12). Bladlow does not explicitly teach 
generation of an encryption key for encrypting personal record parameters conveyed in 
URL data. However Schneier does teach this feature in page 50-51 . Therefore it would 
have been obvious to one of ordinary skill in the art at the time of the invention to 
incorporate this feature into the system of Bladlow. Motive to make this combination is 
found for example at page 50 4 th paragraph where resistance to a man in the middle 
attack is an advantage of this approach. Such a benefit in an Internet URL request 
would be advantageous. 

As for claim 1 1 , Bladow teaches a system supporting concurrent operation of a 
plurality of Internet compatible applications (col. 3 lines 1-21 ), comprising: a browser 
application providing a user interface display permitting user entry of identification 
information and commands for a plurality of Internet compatible applications and for 
providing user identification information to a first application for validation (abstract, fig. 
2 item 20: "Browser", fig. 4),' and a managing application for generating a session 
identifier particular to a user initiated session in response to receiving a session 
initiation request from a first application and for communicating said session identifier to 
said first application (col. 3 lines 1-21 , 30-46). ). Bladlow does not explicitly teach 
generation of an encryption key for encrypting personal record parameters conveyed in 
URL data. However Schneier does teach this feature in page 50-51 . Therefore it would 
have been obvious to one of ordinary skill in the art at the time of the invention to 
incorporate this feature into the system of Bladlow. Motive to make this combination is 
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found for example at page 50 4 th paragraph where resistance to a man in the middle 
attack is an advantage of this approach. Such a benefit in an Internet URL request 
would be advantageous. 

As for claim 12, Bladow teaches a system according to claim 1 1 , wherein said 
managing application also communicates to said first application data items including 
one or more of, (a) a key to be used in encrypting and decrypting a session identifier 
conveyed in URL data, (b) an indicator identifying whether or not a session initiation 
request is successful. 

As for claim 16, Bladow teaches a method employed by a first application 
operating in a system supporting concurrent operation of a plurality of Internet 
compatible applications (col. 3 lines 1-21), said method comprising the steps of: 
authorizing user access to said first application in response to validation of user 
identification information', and communicating a session initiation request to a managing 
application to initiate generation of a session identifier particular to a user initiated 
session in response to validation of user identification information (col. 3 lines 30-46). 
Bladlow does not explicitly teach generation of an encryption key for encrypting 
personal record parameters conveyed in URL data. However Schneier does teach this 
feature in page 50-51 . Therefore it would have been obvious to one of ordinary skill in 
the art at the time of the invention to incorporate this feature into the system of Bladlow. 
Motive to make this combination is found for example at page 50 4 th paragraph where 



Application/Control Number: 09/817,31 1 Page 7 

Art Unit: 2137 

resistance to a man in the middle attack is an advantage of this approach. Such a 
benefit in an Internet URL request would be advantageous. 

As for claim 17, Bladow teaches a method employed by a managing application 
for supporting concurrent operation of a plurality of network compatible applications (col. 
3 lines 1-21 ), comprising the steps of: receiving from a first application a session 
initiation request to initiate generation of a session identifier (col. 18 lines 12-65)*, 
generating a session identifier particular to a user initiated session and for use by a 
plurality of concurrently operating applications to uniquely identify said user initiated 
session (col. 3 lines 30-46)., and communicating said session identifier to said first 
application and to another application of said plurality of concurrently operating 
applications in response to a request to receive said generated session identifier (col. 
18 lines 13-65). ). Bladlow does not explicitly teach generation of an encryption key for 
encrypting personal record parameters conveyed in URL data. However Schneierdoes 
teach this feature in page 50-51 . Therefore it would have been obvious to one of 
ordinary skill in the art at the time of the invention to incorporate this feature into the 
system of Bladlow. Motive to make this combination is found for example at page 50 4 th 
paragraph where resistance to a man in the middle attack is an advantage of this 
approach. Such a benefit in an Internet URL request would be advantageous. 

Claims 8 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bladow and Official Notice. Bladow teaches al of the limitations of claims 7 and 1 1 upon 
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which claims 8 and 13 depend, but does not teach the feature of an encryption key 
generator for substantially randomly generating an encryption key particular to said user 
initiated session, in response to said session initiation request. However Official Notice 
may be taken that the use of a randomly generated key in session establishment 
protocols is a step that is old and well known in the art. Therefore it would have been 
obvious to one of ordinary skill in the art at the time of the invention to incorporate this 
feature into the system of Bladow. The motive to make this combination is discussed by 
Bladow in col. 7 lines 30-45 where the advantage of establishment of a secure session 
is discussed. Use of a randomly generated key would facilitate this secure session. 

As for claims 18 and 19, a tangible storage medium is inherent to the system of 
Bladlow. 

Allowable Subject Matter 

5. Claims 1 0 and 1 5 are allowed. 

6. Claims 2-4, 9, and 14 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 
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Conclusion 



7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paul E. Callahan whose telephone number is (703) 305- 
1336. The examiner can normally be reached on M-F from 9 to 5. 
If attempts to reach the examiner by telephone are unsuccessful, the Examiner's 
supervisor, Emmanuel Moise, can be reached on (703) 306-3035. The fax phone 
number for the organization where this application or proceeding is assigned is: (703) 
872-9306. Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3900. 
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